Is anyone monitoring for the start and end of SCEP scans? I’m trying to convince our Windows Engineering team and Security that the Full Weekly Scans aren’t effective on large disks, but I need to be able to show how long they are taking. We’ve observed that some will go on over 1 week, resulting in the subsequent failure of the next scheduled weekly Full scan. I’m also working on the theory that while SCEP is occupied wasting its time on a Full scan, it’s not updating its definition files because I work the compliance issues on systems with DEF’s over 5 days and every single one of them is running a Full scan when I log in. The GUI isn’t helpful because it shows the session time as the start of the scan.

I haven’t dug too deeply into this, so there’s a chance I’m missing something obvious.

Edit: I could just do a process monitor, but I was hoping more for an event based monitor solution; still digging.

BlakeTheITGuy selected answer